Cybersecurity

May 23, 2019
 

Sentar Inc.,* Huntsville, Alabama, was awarded a $10,426,896 hybrid (cost-no-fee and firm-fixed-price) contract for cyber security and information management support services. Twenty five bids were solicited with six bids received. Work will be performed in Huntsville, Alabama, with an estimated completion date of November 30, 2024. Fiscal year 2019 operations and maintenance, Army and Army working capital funds in the amount of $1,683,982 were obligated at the time of the award. U.S. Army Contracting Command, Redstone Arsenal, Alabama, is the contracting activity (W31P4Q-19-F-0323). *Small Business

May 22, 2019
By Julianne Simpson
David Sanger, national security correspondent for The New York Times, discusses cyber at the AFCEA-GMU C4I and Cyber Center Symposium.

Cyber is fundamentally changing the national security landscape. David Sanger, national security correspondent for The New York Times and author of The Perfect Weapon, used his keynote address on day two of the AFCEA-GMU C4I and Cyber Center Symposium not to explain what is happening, but why this is happening.

To illustrate the new age of weaponizing information, Sanger described the differences between Watergate and the hack of the DNC in December 2016. The Russians didn’t have to do anything the Watergate hackers did.

May 14, 2019
Kimberly Underwood
Lawmakers have created a new organization, the Cyberspace Solarium Commission, to tackle a national cybersecurity policy.

Legislators on Capitol Hill have formed the Cyberspace Solarium Commission, known as the CSC, which will put together a comprehensive U.S. cyber policy. Sen. Angus King (I-Maine), who is co-chairing the new organization with Rep. Michael Gallagher (R-Wisc.), announced the formation of the Geneva Convention-type commission in a call with reporters on May 13. The establishment of the commission was outlined in last year’s National Defense Authorization Act (NDAA), Sen. King said.

May 1, 2019
By Julianne Simpson
Mr.B-king/Shutterstock

The cybersecurity workforce gap is real, and it’s growing. Based on a state-by-state analysis on CompTIA’s cyberstates.org, there are currently 320,000 open cyber jobs in the United States. By 2022, the projected shortage of cybersecurity professionals worldwide will reach 1.8 million, according to the Center for Cyber Safety and Education.

May 1, 2019
By Howard R. Bandler
While preparing for a command cyber readiness inspection (CCRI), Staff Sgt. Jerome Duhan, USAF, a network administrator with the 97th Communications Squadron, inserts a hard drive into the network control center retina server at Altus Air Force Base, Oklahoma. Air Force photo by Senior Airman Franklin R. Ramos, USAF

Thirty years after the Morris Worm, networks face a long and growing list of potential attack vectors employed by an almost limitless number of threat sources, including criminals, hacktivists and nation-state actors. In response to threats, the U.S. Defense Department has taken prudent measures to shore up vulnerable systems and networks. In accordance with the well-established practice of concentric rings of security, the most sensitive department data exists on its most secure and isolated networks.

April 24, 2019
By Robert K. Ackerman
Suzette Kent, federal chief information officer, Office of Management and Budget, describes the information security thrusts the federal government will undertake during her keynote address at the AFCEA Homeland Security Conference in Washington.

The federal government is moving forward with coordinated efforts to improve its information system security before year’s end. Both growing threats and potential advantages are compelling these concurrent thrusts.

Suzette Kent, federal chief information officer, Office of Management and Budget, described these efforts during the Wednesday keynote address at the AFCEA Homeland Security Conference in Washington, D.C. Personnel, methodology and technology all are playing a role in these diverse actions, which aim to help secure government data and access to it.

April 8, 2019
By Maryann Lawlor
The Ghidra tool suite examines compiled code using disassembly, decompilation and graphing.

The National Security Agency is now sharing the source code of Ghidra, its reverse engineering tool developed by the agency’s Research Directorate in support of its cybersecurity mission. Ghidra, a suite of software analysis tools, examines complied code using capabilities such as disassembly, assembly, decompilation, graphing and scripting.

Ghidra helps analyze malicious code and malware and improves cybersecurity professionals’ understanding of potential vulnerabilities in their networks and systems. With this release, developers can now collaborate, create patches and extend the tool to fit their cybersecurity needs.

April 1, 2019
By Maryann Lawlor
System and information security can be measured in a number of ways, including how it affects the bottom line. Credit: Shutterstock

Senior executives are increasingly interested in objective measurements to determine the robustness of their organizations’ cybersecurity protections. However, measuring the adequacy of network and data security can be likened to verifying the amount of air in a room: A formula can ascertain how much air the room contains in theory, but does it take into account the leaky windows?

April 1, 2019
By Kimberly Underwood
Given that one of the water sector’s challenges in protecting infrastructure from cyber attacks is cost, research is needed into affordable security measures for control systems. Credit: Daniel Jedzura/Shutterstock

The water and wastewater treatment industry is facing cybersecurity threats. The risks affect the sector disproportionately compared to other utilities, given local-level water processing operations.

Along with physically securing its critical infrastructure, the water industry has to leverage available tools to protect against cyber attacks, an expert says.

April 1, 2019
By Donara Barojan
While U.S. officials have focused on how Russia’s use of social media may have interfered with the 2016 presidential elections, Iran has been quietly using the platforms to forge a battle of its own. Credit: Milosz Maslanka/Shutterstock.com

Russia may have popularized the manipulation of social media to further its own agenda, but it was not the first country to do so, nor will it be the last. A number of other countries are engaging in similar tactics, but so far have flown largely under the radar. The Oxford Internet Institute found that at least 28 countries worldwide are exploiting social media to influence the public opinion of their own or foreign populations.

April 1, 2019
By Cathy Hall
By employing the Zero Trust concept, organizations benefit from a stronger security posture, including decreased reputational risk with their customers and partners. Credit: JNE Valokuvaus/Shutterstock

In today’s environment, the network no longer can be considered a safe zone. Every asset an organization possesses and every transaction it conducts must be secured as if it were a standalone item continually exposed to the full range of cyber threats. The realization that perimeter protection alone is not sufficient has led to the security concept of Zero Trust. In this never-trust/always-verify approach, all entities and transactions rely on multiple solutions to work together and secure digital assets.

April 1, 2019
By Kimberly Underwood
Maj. Gen. Wolfgang Renner (l), GEAF, commander, NATO CIS Group and deputy chief of staff cyberspace, SHAPE, and Col. Donald Lewis, USAF, deputy director, NATO CyOC, discuss the establishment of the alliance’s cyber operations at the CyCon U.S. conference in November 2018.

NATO’s longtime motto says that an attack on one NATO member is considered an attack on all the alliance. Today, this creed also applies to cyberspace, alliance leaders indicate. NATO’s new Cyberspace Operations Center, formed in August 2018, takes up the mantle of defending the alliance in the digital realm.

March 1, 2019
By Henry S. Kenyon
A U.S. Navy Naval Air Systems Command (NAVAIR) proof-of-concept project is using blockchain technology to manage the life cycle for new and spare parts supporting the service’s F-18 fighter jets.  Photo courtesy of Boeing

A prototype U.S. Navy program is turning to blockchain technology to help track aviation parts throughout their life cycles. The approach automates what is now a mostly manual process and provides aircraft maintenance personnel with accurate, detailed information about each part’s origins and order/reorder status.

February 27, 2019
By Kimberly Underwood
Congress is keeping an eye on the Defense Department’s information technology efforts. Credit:Shutterstock/Tono Balaguer

The U.S. House of Representatives is examining the status of the Defense Department’s information technology, modernization efforts and strategic direction. The House Armed Forces Committee’s Subcommittee on Intelligence and Emerging Threats and Capabilities, led by ranking member Rep. James Langevin (D-R.I.), held a hearing on February 26, with top DOD IT leaders testifying.   

February 1, 2019
By Shaun Waterman

The major challenges faced by federal agencies and DoD components in managing their cybersecurity and other risks include personnel shortages, daunting compliance requirements and the need for consistent data reporting and management across multiple elements of a diverse and geographically dispersed enterprise.

The RSA Archer Suite helps by automating the drudge work, providing context for incident reports, and other data flows and ensuring a common taxonomy, workflow and metrics across the enterprise. RSA Archer leaves human security personnel free to look at the bigger picture—and make decisions based on real-time, accurate information, intuitively displayed.

January 28, 2019
By Dave Mihelcic
When it comes to IT modernization, agencies often set their sights on adopting next-generation technology, but cybersecurity must be a priority. Credit: PIRO4D/Pixabay

More than a year has passed since the Modernizing Government Technology (MGT) Act was signed into law, cementing the establishment of a capital fund for agencies to support their special IT projects. The MGT Act prompted defense and intelligence agencies to accelerate the replacement of legacy systems with innovative and automated technologies, especially as they explore new ways to mitigate security risks like those experienced all too often by their private sector counterparts.

January 16, 2019
By Julianne Simpson
Dennis A Crall, USMC, principal deputy cyber advisor, Office of the Secretary of Defense, speaks at CERTS.

The focus of the second annual Cyber Education, Research and Training Symposium (CERTS) is national cyber policy and cyber workforce training. During his keynote address, Brig, Gen. Dennis A Crall, USMC, principal deputy cyber advisor, Office of the Secretary of Defense, stated, “Education and training is assembled for one reason and one reason only, and that’s warfighting."

“Everything we do is based on mission threats,” Gen. Crall added. “We are a mission-oriented group. When we talk about technology, people, training and education ...we don’t do cyber for cyber, we don’t educate for education's sake, we do that for the warfighting mission that we can accomplish.”

January 16, 2019
By Julianne Simpson
Rob Joyce, senior cyber advisor to the director, NSA, talks about the cyber workforce shortage at CERTS.

There is not enough skilled talent for the growing need of the cyber community. Based on a state-by-state analysis on cyberchair.org, there are currently 320,000 open cyber jobs in the United States. Projections get worse. According to a CISCO report, by 2020 there will be 1 million unfilled cyber positions worldwide.

“We need to make systemic changes to address that gap,” said Rob Joyce, senior cybersecurity strategy advisor to the director, National Security Agency (NSA), and former cybersecurity advisor to the president.

October 1, 2018
By Dustan Hellwig
Staff Sgt. Kristoffer Perez, USA, Cyber Electromagnetic Activities section, 1st Armored Brigade Combat Team, 1st Infantry Division, carries a dismounted electronic warfare kit that allows him to work in concert with the rest of his section. To get inside an enemy’s OODA loop, commanders will need a way to see how electronic warfare is affecting the battlespace. Photo by Sgt. Michael C. Roach, 19th Public Affairs Detachment

Work is needed to improve temporal, spectral and information understanding within the layers of the cyber domain to facilitate useful cyber-spectral and information maneuver. These advances could be incorporated into tactics, techniques and procedures as well as tactical and operational systems to enhance the overall military commanders’ decision process to achieve information dominance.

Most of the tactical cyberspace domain is spectrum-dependent and administered solely at the physical layer. Currently, warfighters cannot comprehend, much less maneuver within, a space that is inaccessible to them because they are not in a dimensionality to understand it. They operate in a cyber-spectral flatland.

September 27, 2018
Posted by Kimberly Underwood
President Donald Trump departs from the South Lawn of the White House on September 6.  With the issuance of the new National Cyber Strategy, the president promises his administration "will act to further enable the Department of Homeland Security (DHS) to secure federal department and agency networks.” Credit: Shealah Craighead

With the United States engaged in a “long-term strategic competition” with China and Russia, which are mounting persistent cyber attack campaigns that pose long-term risks to America, the U.S. military will act to deter aggression, cyber or otherwise, according to a new policy, known as the Department of Defense Cyber Strategy, from the U.S. Department of Defense.

Pages